1. Field of the Invention
The present invention relates to a system for improving Web hosting performance, content distribution and security on the Internet, by means of creating a TCP terminating buffer around subscriber WEB Sites.
2. Description of the Related Art
The Internet is a global collection of millions of computers, all networked together. This network typically allows all of the computers to communicate with one another in a client/server relationship. As used in this document a “client” can be broadly construed to mean any computer or device or application or set thereof that is connected in any manner to a network of any type and connects to a “server” on that network to perform some operation or to request a service. The “server”, as used in this document, can be broadly construed to mean a computer or device or application or set thereof that serves the clients connected to it by means of providing services and responses to requests.
To illustrate how a client/server relationship operates over the Internet the following example is presented. A user of the Internet, a citizen of Almaty, Kazakhstan, knows that books can be obtained inexpensively at a WEB Site called Amazon, based over 10,000 kilometers away in America. The user's client computer is connected to an Internet Service Provider (hereafter referred to as ISP) via a modem and regular telephone line, which in turn is connected to the rest of the Internet by high-speed backbone fiber-optic lines, undersea cables and satellite links. Using client browser software like Netscape or Microsoft Internet Explorer, the user types in Amazon's Uniform Resource Locator (hereafter referred to as URL) in his/her Internet browser software. A URL is a character string that identifies an Internet document's exact name and location. For example, Amazon's homepage URL is www.amazon.com. The ISP routes the request to a Domain Name Server (hereafter referred to as DNS). An essential function of a DNS is to allow users to locate computers on the Internet by domain name. The DNS maintains a “whois” library of domain names, addresses and server localities. The DNS translates the required domain name into a 32-bit IP address, which is unique on the Transmission Control Protocol/Internet Protocol (hereafter referred to as TCP/IP) network. The DNS translates Amazon's current address to “207.71.182.16”, and forwards the request to the Amazon server. The Amazon server recognizes that a client using HyperText Transport Protocol (hereafter referred to as HTTP) has requested to “get” a page. The server retrieves the page and sends it down the same communication channels to the client browser. A split second after requesting the price of a book from Amazon, the user in Almaty views the information neatly displayed on the computer screen.
The basics are very simple. In theory, a client machine connecting to a server machine at any distance over a fast Internet connection should be able to request and receive files speedily. However, in real life many factors aggravate this process and thereby impact performance and adversely affect the client, the server, the Internet and the entire data transfer process in general.
The Web page is typically a file that contains text, graphics, audio elements and more. The Web page is usually defined by HTML tags that describe how the file should be formatted and presented when a browser displays it on a screen. The tags are instructions that tell the Web browser how the page should look when displayed. The tags tell the browser to do things like change the font size or color, or arrange content in columns or around figures.
The HTML format typically contains several embedded references to rich content objects, such as images, which must be retrieved separately. After the client receives the server output, the client browser requests each embedded object referred to in the downloaded HTML files. These objects are often located on the original server, which then returns the objects to the user over the Internet. This last step is usually bandwidth intensive due to the size of the multimedia files in use. Clearly, pages having a large number of embedded objects can require significant download times.
A Web server that delivers standard “static” pages, i.e. pages that do not change, does not typically use excessive processing power. However, servers also deal with Web pages that are “dynamic”, i.e. pages that change. An example is a search engine that allows keywords to be entered on an HTML form and then creates a dynamic answer page based on the keywords entered. In this case, the Web server is not merely “looking up a file”; by using a dynamic scripting technique like Common Gateway Interface (CGI), it is processing information and generating a dynamic page based on the specifics of the query.
Over time Dynamic Pages have become even more complex and processor heavy. Dynamic page generation, also known as dynamic scripting, allows a Web site to assemble pages at run-time, based on various parameters. Delaying page content decisions until run-time affords a Web site significant flexibility in customizing page content. For example, the WEB Site could display up-to-date information on stock-on-hand, theatre ticket prices or the availability of airline seats. Real time on-line auctions can be conducted, and news can be drawn from a database and changed by the minute.
As e-business (Electronic Business) providers increasingly adopt dynamic page generation technologies, web and application server scalability is significantly reduced because pages are now generated “on demand”. This places additional load on servers in order to retrieve and format the requested content. In many cases, bottlenecks associated with server-side page generation are the dominant impediment to efficient page generation and, consequently, to the efficient delivery of Web content.
When a client requests a dynamic Web page, the request is passed from the Web server to the application server, which executes the script that generates the page. This step involves additional work on the part of the application server in order to retrieve and format the requested content. Content is typically retrieved from underlying database systems. Once the content is retrieved, additional steps may be required to format the content; for example, content data stored as XML must be rendered as HTML using an eXtensible Stylesheet Language Transformation (XSLT) processor. HTML is an interpreted language that places a heavy burden on the CPU. The server therefore performs significant work in order to output the HTML to the requesting client. Many simultaneous requests naturally impair server performance.
With the advent of multimedia on the Internet, Web servers are increasingly providing large files like videos and music for downloading. Thousands of hits at uncoordinated times, especially for large files, are detrimental to performance.
Internet users are steadily switching to broadband access as various types of Digital Subscriber Lines (DSL) and cable modems continue to penetrate the market. However, neither the servers to which they are connecting, nor the ISPs and the hosting services, are sufficiently prepared to meet the growing demand for content. The result is that users experience a delay in response time as pages take longer to download. The reasons for this can be found in the operating configuration of the server, its location and the various types of services used for IP traffic.
E-commerce has experienced phenomenal growth during the past few years, and this upward trend is expected to continue. This vast growth in revenue carries with it significant increases in Web traffic. Given the current state of Internet infrastructure technology, Internet sites are finding it difficult to support such extreme growth while maintaining acceptable qualities of service.
As seen from the above description, there are many factors that burden WEB Site and WEB Server performance and thereby curtail Internet performance in general.
Another element that adversely affects WEB performance is hostile attacks on the Internet. In spite of continually improving anti-virus programs and firewall systems, these attacks on computer systems are becoming even more sophisticated. A form of hostile attack that particularly chokes Internet transmission and cannot be combated by current tools is a Denial of Service (hereafter referred to as DoS; sometimes referred to as a Distributed Denial of Service or DDoS) attack. A DoS attack is an attempt to overload a server's ability to respond by means of flooding it with requests for service. A DoS attack can be compared to a crowd at a stadium clamoring and pushing to get in through one gate. Due to the crush the gate clogs up and very few succeed in getting through. Even if the gate is wide, the number getting through is small compared to the number that could pass if there were more order and less jostling. As the gatekeeper is so preoccupied with securing order and resisting unlawful entry, even valid ticket holders get delayed or blocked at the gate. The same occurs on the Internet during a Denial of Service attack. The aim of the attackers is not to access the attacked site but rather to swamp the site with meaningless “get” requests. The sheer number of requests arriving clogs up all available bandwidth and leaves no room for authorized traffic. Even if the firewall or site rejects the nonsense “get” requests, the flooding damage is accomplished, as authorized users are also prevented from accessing the site.
Attacks that swamp WEB Sites need not always be premeditated by malevolent attackers, but may occur naturally. For example, on Valentine's Day 2001 the major greeting card sites Hallmark, American Greetings and eGreetings experienced downtime as star-struck surfers innocently stormed the servers.
Speed is of the essence on the Internet. Research shows that if a Web page requires longer than a few seconds to load, the majority of clients will abandon the request. [Zona Research, quoted in Interactive Week Vol. 6, No. 36, September 1996.] Site owners and hosting providers realize the dire necessity of providing bandwidth, performance and, above all, Quality of Service (QoS) in order to retain and improve the Internet market.
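The "single gate" picture above, and the point that a flood and a flash crowd look alike on the wire, can be made concrete with a small detection routine. The following is an added example, not code from the patent: it parses a constructed access log (the log format and the addresses, taken from documentation ranges, are assumptions), flags sources whose request rate in a sliding window exceeds a threshold, and models a server that can accept only a fixed number of arrivals per second, showing how ordinary visitors are starved even though every flood request is later rejected.

```python
import re
from collections import defaultdict, deque

# Access-log format assumed for this example (constructed, not from the page):
#   <client-ip> [<unix-seconds>] "<METHOD> <path>" <status>
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>\d+)\] "(?P<method>[A-Z]+) (?P<path>\S+)" (?P<status>\d{3})$'
)

# Constructed sample: one source (203.0.113.7, a documentation address range)
# issues ten GETs per second for four seconds, while two ordinary visitors
# make a handful of requests in the same interval.
FLOOD_LINES = [
    f'203.0.113.7 [{ts}] "GET /" 200' for ts in range(100, 104) for _ in range(10)
]
LEGIT_LINES = [
    '198.51.100.2 [100] "GET /index.html" 200',
    '198.51.100.2 [101] "GET /logo.gif" 200',
    '198.51.100.3 [101] "GET /catalog" 200',
    '198.51.100.2 [102] "GET /cart" 200',
    '198.51.100.3 [103] "GET /checkout" 200',
]
SAMPLE_LOG = FLOOD_LINES + LEGIT_LINES


def parse_line(line):
    """Parse one access-log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = int(rec["ts"])
    return rec


def flood_sources(lines, window_seconds=10, threshold=20):
    """Return {ip: peak_requests_in_window} for every source whose request
    count inside some sliding window of window_seconds exceeds threshold."""
    events = sorted(filter(None, map(parse_line, lines)), key=lambda r: r["ts"])
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for ev in events:
        q = recent[ev["ip"]]
        q.append(ev["ts"])
        # drop timestamps that have slid out of the window (q is never empty here)
        while q[0] <= ev["ts"] - window_seconds:
            q.popleft()
        if len(q) > threshold:
            flagged[ev["ip"]] = max(flagged.get(ev["ip"], 0), len(q))
    return flagged


def served_per_source(lines, capacity_per_second):
    """Model the single gate: in each second the server accepts only the first
    capacity_per_second arrivals (in log order) and drops the rest.
    Returns {ip: number of requests actually served}."""
    # sorted() is stable, so lines with the same timestamp keep their log order
    events = sorted(filter(None, map(parse_line, lines)), key=lambda r: r["ts"])
    used = defaultdict(int)       # second -> accepted arrivals so far
    served = defaultdict(int)
    for ev in events:
        if used[ev["ts"]] < capacity_per_second:
            used[ev["ts"]] += 1
            served[ev["ip"]] += 1
    return dict(served)


if __name__ == "__main__":
    print("flagged sources:", flood_sources(SAMPLE_LOG))
    print("served with capacity 5/s:", served_per_source(SAMPLE_LOG, 5))
```

With a capacity of five requests per second the flooding source alone fills every slot, so the two legitimate visitors are served nothing, which is the outcome the stadium analogy describes. The detector flags the same source whether its requests are malicious or an innocent crowd; the rate alone does not reveal intent, which is why the text treats both cases as the same operational problem.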
To overcome the above-mentioned problems and many others, various methods have been devised, as follows:
Cache and Cache Servers are methods of storing frequently requested pages, files and images for quick retrieval. Instead of the server having to laboriously repeat the same steps for every separate request for the same page, the page is kept for a determined amount of time in an area designed for quick and easy access.
However, not all data can be cached. Whereas Static data is easily cached, Dynamic data is typically not cached. In addition, a typical cache machine is physically incapable of caching an abundance of data.
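To show why the caching described above helps static pages but not dynamic ones, and why a cache of bounded size keeps re-fetching, here is an added example that is not part of the patent. It assumes a constructed origin server whose responses carry a Cache-Control header: pages marked no-store are passed through on every request, pages with max-age are kept until the TTL expires, and the cache holds only a fixed number of entries, evicting the least recently used one when full.

```python
import time
from collections import OrderedDict


class OriginServer:
    """Constructed stand-in for an origin web server; counts how often it is hit."""

    def __init__(self):
        self.hits = 0

    def fetch(self, url):
        self.hits += 1
        if url.startswith("/search?"):
            # dynamic page: generated per request, so it is marked uncacheable
            return {"headers": {"Cache-Control": "no-store"},
                    "body": f"results for {url} (generation #{self.hits})"}
        # static page: may be reused for 60 seconds
        return {"headers": {"Cache-Control": "max-age=60"},
                "body": f"static content of {url}"}


def parse_max_age(cache_control):
    """Return the max-age in seconds from a Cache-Control value, or None when
    the response must not be stored (no-store, private, or no usable max-age)."""
    directives = [d.strip().lower() for d in cache_control.split(",")]
    if "no-store" in directives or "private" in directives:
        return None
    for d in directives:
        if d.startswith("max-age="):
            try:
                return int(d.split("=", 1)[1])
            except ValueError:
                return None
    return None


class TTLCache:
    """LRU cache with per-entry expiry in front of an origin server."""

    def __init__(self, origin, capacity, clock=time.monotonic):
        self.origin = origin
        self.capacity = capacity
        self.clock = clock            # injectable so tests can control time
        self.store = OrderedDict()    # url -> (expires_at, body), oldest first
        self.hits = 0
        self.misses = 0

    def get(self, url):
        now = self.clock()
        entry = self.store.get(url)
        if entry is not None:
            expires_at, body = entry
            if now < expires_at:
                self.store.move_to_end(url)   # mark as most recently used
                self.hits += 1
                return body
            del self.store[url]               # stale: discard and refetch
        self.misses += 1
        resp = self.origin.fetch(url)
        ttl = parse_max_age(resp["headers"].get("Cache-Control", ""))
        if ttl is not None and ttl > 0:
            self.store[url] = (now + ttl, resp["body"])
            while len(self.store) > self.capacity:
                self.store.popitem(last=False)  # evict least recently used
        return resp["body"]


if __name__ == "__main__":
    origin = OriginServer()
    cache = TTLCache(origin, capacity=2)
    for url in ["/index.html", "/index.html", "/search?q=books", "/search?q=books"]:
        cache.get(url)
    print(f"origin hits: {origin.hits}, cache hits: {cache.hits}, misses: {cache.misses}")
```

Two identical requests for the static page cost the origin one fetch, while two identical searches cost it two, because the dynamic response is never stored. Once more distinct static URLs than the capacity allows are requested, older entries are evicted and the origin is hit again, which is the "physically incapable of caching an abundance of data" limitation in miniature.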
Proxy Servers are devices that reside between the server and the client with the intention of separating them for security and operational purposes. Proxy servers have two main functions: to process and filter all Internet Protocol (IP) packets that are directed to them, and to decide which protocols and services can be served out of their caches. A Proxy offers a great range of protocol and caching support since it caches Hypertext Transport Protocol (HTTP), Secure Hypertext Transport Protocol (HTTPS), File Transfer Protocol (FTP) and, in some cases, streaming content such as RealAudio and PointCast. The client browser addresses the proxy server directly by setting specific parameters. However, the Proxy Server is lacking in several aspects; for example, a Proxy Server is susceptible to DoS attacks. Whereas the Proxy Server can successfully reject hostile and nonsense requests, the aim of the DoS attack, as discussed, is to flood the server with requests and not necessarily to access it at all.
A similar method for keeping a network secure from intruders is a Firewall. The Firewall can be an application or may comprise a combination of routers and servers each performing some type of firewall processing, to control access to the network and monitor the flow of network traffic. A firewall filters out unwanted network traffic and wards off outside intrusion into a private network. However, for the firewall to reject a packet, it must first arrive at the firewall and be challenged and rejected. Thus the firewall method is ineffective in the case of DoS attacks.
Current methods typically have no control over incoming requests to hosted sites. They can manage outgoing traffic by use of forward caching and other sophisticated technology, whereby requests are intercepted and redirected to cache servers. However, there is no practical way of controlling large numbers of incoming requests. Therefore, when real or artificially induced (DoS) overload occurs, the overload can neither be regulated nor resolved.
An accepted current method for speeding web access is to “mirror” a copy of the WEB Site in close proximity to clients around the world. However, the “mirror” sites solution is not ideal for several reasons. The WEB Site owners need to maintain contracts with alternative hosting providers for each mirror site. Separate sites engender security problems and diminish the WEB Site owner's control over their home site. Economically, site duplication is not feasible, since owing to overhead expenses additional sites are more expensive to maintain than the parent site alone. Software or hardware like that provided by Cisco (Cisco Systems, Inc., San Jose, Calif.) and Nortel (Northern Telecom Limited, Brampton, Ontario, Canada) for mirroring and synchronizing sites is expensive, and presents an operational burden on the system. Decentralization or replication are often not effective solutions for a Web hosting service provider because of the large infrastructure and increase in bandwidth and storage capacity required.
Load Balancing is a method of fine-tuning a network in order to evenly distribute the data and/or processing across available resources and ensure that all available instances of an application are given a similar amount of requests. For example, in clustering, load balancing might distribute the incoming transactions evenly to all servers, or it might redirect them to the next available server that is sufficiently free to process the request.
Current Load Balancers are typically limited by their inability to handle an abundance of requests. Also, similar to other systems, a load balancer is susceptible to DoS attacks. If the load balancer is incapacitated due to a flood of requests, it cannot forward on authorized requests to be processed.
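The two paragraphs above describe both what a load balancer does (spread requests over available instances) and its limit (once every instance is busy, further requests cannot be placed). The following added example, which is not code from the patent, simulates that in miniature: backends with a bounded number of simultaneous requests (a constructed model), two dispatch policies, and an explicit rejection when no backend has room. The request list, backend names and capacities are all assumptions chosen for illustration.

```python
import heapq
from itertools import count


class Backend:
    """A server instance that can hold a bounded number of simultaneous requests."""

    def __init__(self, name, max_concurrent):
        self.name = name
        self.max_concurrent = max_concurrent
        self.active = 0

    def has_room(self):
        return self.active < self.max_concurrent


def round_robin(backends, cursor):
    """Start at the next backend in turn and take the first one with spare capacity."""
    n = len(backends)
    start = next(cursor) % n
    for k in range(n):
        i = (start + k) % n
        if backends[i].has_room():
            return i
    return None


def least_connections(backends, cursor):
    """Take the backend with the lowest utilisation (active / max_concurrent)."""
    candidates = [i for i, b in enumerate(backends) if b.has_room()]
    if not candidates:
        return None
    return min(candidates, key=lambda i: backends[i].active / backends[i].max_concurrent)


def simulate(requests, backends, policy):
    """requests: iterable of (arrival_time, service_time). Each request is
    dispatched by `policy` on arrival and occupies its backend for service_time;
    a request that finds every backend full is rejected, which is the overload
    case the text describes. Returns ({backend name: served count}, rejected)."""
    for b in backends:
        b.active = 0
    in_flight = []                # min-heap of (finish_time, backend index)
    cursor = count()
    served = {b.name: 0 for b in backends}
    rejected = 0
    for arrival, service_time in sorted(requests):
        # release backends whose requests have completed by now
        while in_flight and in_flight[0][0] <= arrival:
            _, idx = heapq.heappop(in_flight)
            backends[idx].active -= 1
        idx = policy(backends, cursor)
        if idx is None:
            rejected += 1
            continue
        backends[idx].active += 1
        served[backends[idx].name] += 1
        heapq.heappush(in_flight, (arrival + service_time, idx))
    return served, rejected


if __name__ == "__main__":
    # Constructed scenario: six long-running requests against a small and a large backend.
    pool = [Backend("A", 1), Backend("B", 3)]
    reqs = [(t, 100) for t in range(6)]
    for policy in (round_robin, least_connections):
        print(policy.__name__, simulate(reqs, pool, policy))
```

Both policies place the first four requests and must reject the last two, because the pool can hold only four requests at once; no dispatch rule creates capacity that the backends do not have. In the simulation a rejected request simply increments a counter, whereas on a real balancer the connection attempt still consumes the balancer's own resources, which is the weakness the text notes for a flood of requests.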
A possible way to cope with fluctuations of excessively heavy traffic that could swamp a WEB Site is to overload each Site with masses of additional and redundant server hardware. Most of the time, during regular traffic flow, this hardware would remain latent. However, especially in the case of WEB Sites that maintain mirror sites, the superfluous equipment solution is expensive and excessive.
U.S. Pat. No. 6,178,160 of Bolton et al., which is fully incorporated herein by reference, provides an algorithm to load balance clients across a network. This invention particularly concerns domain-name servers' network-address choices. According to the invention, name servers are dispersed geographically with the intention of reducing communications costs by having the web clients directed to the nearest application server. The name server selects the application server that appears closest to the source of the DNS request, and it gives the selected site's network address as the response to the DNS request.
This method has several drawbacks. In effect, rather than locating a single name server, it spreads name servers for measurement purposes, the physical location of these Name Servers being dependent on those network decisions and measurements. The client deals with the Name Server, by means of a client protocol, typically ICMP, TCP or UDP, to decide where the request should be transferred. This places a burden and a security onus on the Name Server.
In addition, this system is reliant on cookies, the legality and ethics of which is questionable.
U.S. Pat. No. 6,240,461 of Cieslak et al., which is fully incorporated herein by reference, provides a method and apparatus for caching network data traffic. However this method is merely a port-80 cache server director that captures HTTP requests and redirects them to legacy cache servers. Its main purpose is to provide better and efficient outside access and to save bandwidth to the outgoing Internet pipelines. It deals neither with the problem of bandwidth to the origin server's pipelines nor with bandwidth and traffic redundancy to the application servers.
U.S. Pat. No. 6,256,712 of Challenger et al., which is fully incorporated herein by reference, provides a scaleable method for maintaining and making consistent updates to caches, by identifying several versions of objects, updating obsolete objects, quantitatively assessing how different two versions of the same object are, and/or maintaining consistency among a set of objects.
However, in the first place this problem would be averted if the system did not provide several versions of the same object.
The aim of many of the above and other solutions is to provide improved systems and methods to satisfy demand. However, this manner of providing solutions to problems of demand and bandwidth merely creates a vicious circle, wherein supply is increased by means of more advanced technology, faster communication links and superior accessibility. These methods inevitably result in increased user expectations and demand, thereby again imposing a strain on supply.
There is thus a widely recognized need for, and it would be highly advantageous to have, an alternative solution for enabling improved performance for Web servers, in terms of responding to data requests, and furthermore for enabling improved access to and retrieval of data between client browsers and host WEB Servers, such that augmenting WEB Site security and expanding the Website are easily enabled.
Furthermore, it would be highly advantageous to have a system that enables a more effective way of dealing with DoS attacks, so that such attacks could be identified and averted.